build(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3#479
build(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3#479dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@8aad20d...54f647b) --- updated-dependencies: - dependency-name: github/codeql-action/init dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…on PRs (#485) The two red dependabot PRs (#479 init, #481 analyze) were not a code problem: dependabot split one logical bump (github/codeql-action 4.36.2 -> 4.36.3) into a separate PR per sub-action, but codeql.yml pins init and analyze to the same SHA and codeql-action rejects an init/analyze version mismatch. Each PR alone ran init@4.36.2 + analyze@4.36.3 (or the reverse) -> "Analyze C" failed, and merging either alone would have skewed main. Fix: bump init, analyze (codeql.yml) and upload-sarif (scorecard.yml) to v4.36.3 together — codeql-action is a monorepo, so all three share SHA 54f647b7e1bb85c95cddabcd46b0c578ec92bc1a. This supersedes #479 and #481. Prevent recurrence: group all github-actions bumps into one dependabot PR, so the codeql-action sub-actions always move in lockstep instead of skewing. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Superseded by #485, which bumps codeql-action/init, /analyze, and /upload-sarif to v4.36.3 together (in lockstep). This PR bumped only one sub-action, creating an init/analyze version skew that failed |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps github/codeql-action/init from 4.36.2 to 4.36.3.
Release notes
Sourced from github/codeql-action/init's releases.
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
54f647bMerge pull request #3984 from github/update-v4.36.3-1f34ec164e78819eTrigger checks2c9d3d6Update changelog for v4.36.31f34ec1Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-propd5f0145Log when repository property has a value but is ignoredf27f563Add test for when the FF is off0025d0fUse FFf7fa18fAdd FF for config file repo property628fc3fMerge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...9cfb67bAdd clarifying commentsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)